Self-hosted mind maps
MindMapVault can run fully on your own infrastructure or as a local desktop app. Host on a VPS, run a Docker deployment for teams, or install the Tauri desktop app for a private, local-first experience — your data and encryption keys stay under your control.
Self-hosting is not only about technical sovereignty; it changes the relationship you have with your notes and maps. When you control the runtime and storage, you remove accidental exposure and reduce third-party risk while keeping full flexibility for backups, integrations, and offline workflows.
Why self-hosted mind mapping
Self-hosting removes third-party access to your notes and mind maps by design. Teams choose self-hosting when they need compliance, auditability, or stronger control over data residency. Individuals choose it when they don’t want their private drafts to transit through or be stored on a shared provider service.
Practically, self-hosting means:
- You choose storage location (VPS, internal server, private S3 bucket).
- You control backups and retention policies.
- You can harden the host network and restrict external access.
These controls let organizations and privacy-conscious users tune trade-offs between collaboration, convenience, and security.
Deployment options and recommendations
- Desktop (Tauri): Best for single users who want a turnkey, offline-first client. The Tauri app runs natively and stores encrypted vaults locally.
- Docker: Recommended for small teams; run on a VPS or internal hardware and expose optional TLS endpoints for sync.
- On-premise: Suitable for organizations that must keep data inside a private network or behind corporate firewalls.
Recommendations:
- Start with the desktop app to validate workflows and exports.
- Use Docker for team setups and automate backups with scheduled encrypted snapshots.
- Provide clear recovery guidance for users since server operators cannot decrypt zero-knowledge vaults.
Security, recovery, and backups
MindMapVault uses client-side encryption by default. That means encryption keys are generated and stored by the client; the server stores only ciphertext. The upside is strong privacy: the operator cannot read your content. The downside is responsibility: if keys are lost, data cannot be recovered by the server.
Recommended backup practices:
- Take regular encrypted exports of critical vaults and store them in separate, secure locations.
- Automate encrypted snapshotting of host volumes while ensuring the snapshots remain encrypted at rest.
- Document recovery procedures for teams and store recovery keys in a privileged, secure location.
Integration and workflows
Self-hosted instances can still integrate with other systems: identity providers for SSO, optional build pipelines for deployment, and internal storage backends. Keep integration surfaces minimal and audit logs explicit to preserve privacy guarantees.
Get started
- Review the self-hosting guide in the docs for step-by-step deployment examples.
- Choose a deployment option that matches your security and collaboration needs.
- Set up automated encrypted backups and test recovery procedures.
If you’d like, use the demo to evaluate the UI locally before deploying to a host.
Why self-hosted mind mapping
Self-hosting removes third-party access to your notes and mind maps. It’s ideal for teams and individuals who need stronger data control, compliance, or offline-first workflows.
Deployment options
- Desktop (Tauri): quick local install for single users.
- Docker: run on a VPS for team access and self-hosting.
- On-premise: deploy on an internal server behind your firewall.
Security & backups
MindMapVault supports zero-knowledge encryption; keys remain client-side. Backup strategies include encrypted exports and regular snapshotting of your host storage.
Get started
- Read the self-hosting guide in the docs.
- Pick a deployment option (Desktop / Docker / VPS).
- Follow the quick-start to spin up your instance and import or create your first mind map.